Skip to Content.
Sympa Menu

cat-users - RE: [[cat-users]] Problem logging in to CAT

cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

RE: [[cat-users]] Problem logging in to CAT


Chronological Thread 
  • From: Stuart Anderson <s.anderson AT qmul.ac.uk>
  • To: Nik Mitev <nik.mitev AT jisc.ac.uk>, Dubravko Voncina <dubravko.voncina AT srce.hr>
  • Cc: eduroam CAT Feedback <cat-users AT lists.geant.org>
  • Subject: RE: [[cat-users]] Problem logging in to CAT
  • Date: Thu, 3 May 2018 15:16:44 +0000
  • Accept-language: en-GB, en-US
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=qmulprod.onmicrosoft.com
  • Authentication-results: spf=none (sender IP is ) smtp.mailfrom=s.anderson AT qmul.ac.uk;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Hi all,

I believe I'm the user Nik mentioned. I can successfully log in using my
institution credentials, but once I'm in I get a page saying “You are not
managing any institutions.”. I am new to CAT (granted access 19/4/18), but
had access yesterday to configure our installers but don't appear to have it
today.

My unique identifier, if it helps, is shown as
eduPersonTargetedID:Px9LWf53LFaDUdPWooBecsCT67U=!https://idp.shibboleth.qmul.ac.uk/idp/shibboleth.

Any help/advice appreciated.

Regards,

Stuart
-- 
Stuart Anderson
Network Delivery Officer, IT Services
Queen Mary University of London
Tel: +44 (0)20 7882 5629

> -----Original Message-----
> From: Nik Mitev
> [mailto:nik.mitev AT jisc.ac.uk]
> Sent: 03 May 2018 15:56
> To: Dubravko Voncina
> <dubravko.voncina AT srce.hr>
> Cc: eduroam CAT Feedback
> <cat-users AT lists.geant.org>
> Subject: Re: [[cat-users]] Problem logging in to CAT
>
> Hi Dubravko,
>
> Thanks for that - I am logging in through the Geant guest IdP, do you know
> who administers it?
>
> I will ask the UK user who originally reported the issue to try and log in
> and if
> needed email here directly as well.
>
> Thanks again,
> Nik
>
> -------- Original Message --------
> From: Dubravko Voncina
> Sent: Thursday, May 3, 2018 3:35 PM BST
> To: Nik Mitev
> Cc: eduroam CAT Feedback
> Subject: [[cat-users]] Problem logging in to CAT
>
> Hello again Nik,
>
> I believe I've found the cause of your problem. Apparently, your IdP
> provides
> string value of an attribute 'urn:oid:1.3.6.1.4.1.5923.1.1.1.10'
> (eduPersonTargetedID) which is invalid eduPersonTargetedID value format.
> This was tolerated in SimpleSAMLphp versions prior to 1.15, but latest
> stable
> version of SimpleSAMLphp requires eduPersonTargetedID to be provided as
> an XML construct.
>
> For example, your IdP provides SAML authentication response which
> contains following attribute statement:
>
>
> <saml:AttributeStatement>
> <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue xsi:type="xs:string">Nik
> Mitev</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
> </saml:Attribute>
> </saml:AttributeStatement>
>
>
> but instead, your IdP should provide attribute statement that roughly looks
> like:
>
>
> <saml:AttributeStatement>
> <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue xsi:type="xs:string">Nik
> Mitev</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue
> xsi:type="xs:string">some_value</saml:AttributeValue>
> </saml:Attribute>
> <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
> NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
> <saml:AttributeValue>
> <saml:NameID NameQualifier="https://gidp.geant.net";
> SPNameQualifier="https://monitor.eduroam.org/sp/module.php/saml/sp/
> metadata.php/default-sp"
> Format="urn:oasis:names:tc:SAML:2.0:nameid-
> format:persistent">some_value</saml:NameID>
> </saml:AttributeValue>
> </saml:Attribute>
> </saml:AttributeStatement>
>
>
> I'm afraid there's not much we can do about it, this problem will have to be
> fixed at the IdP side.
>
> Best Regards,
>
> Dubravko Voncina
> Middleware and Data Services Department
> University of Zagreb, University Computing Centre, www.srce.unizg.hr
> dubravko.voncina AT srce.hr,
> tel: +385 98 219273, fax: +385 1 6165559
>
>
>
>
> On 03 May 2018, at 14:24, Nik Mitev
> <nik.mitev AT jisc.ac.uk>
> wrote:
>
> He had logged in earlier yes. And I certainly have logged in earlier too :)
>
> Nik
>
> -------- Original Message --------
> From: Stefan Winter
> Sent: Thursday, May 3, 2018 12:59 PM BST
> To:
> cat-users AT lists.geant.org
> Subject: [[cat-users]] Problem logging in to CAT
>
> Hi,
>
> I have a ticket from a user who reports he is failing to log in to CAT, and
> when
> I tried to log in myself to see if there is anything obvious my login
> failed as
> well with the message "An unhandled exception was thrown." and a tracking
> id of b80f6f0c25
>
> Debug: SAML2\Exception\RuntimeException: A
> "urn:oid:1.3.6.1.4.1.5923.1.1.1.10" (EPTI) attribute value must be a NameID,
> none found for value no. "0
>
> Let me know if you need any further info.
>
> This coincides suspiciously with the maintenance work Miro announced for
> earlier today.
>
> Did the user log in successfully earlier, or is it a brand new user? The
> latter
> could mean a misconfigured IdP is at fault, the former would suggest it's
> more like an update problem on the SP side.
>
> Greetings,
>
> Stefan
>
>
>
> --
> Nik Mitev
> eduroam(UK) Development Specialist, Jisc www.eduroam.ac.uk Twitter
> @eduroamuk – for news, information, pictures and fun
>
> When replying to this e-mail is it essential to preserve the
> (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
>
>
>
>
> --
> Nik Mitev
> eduroam(UK) Development Specialist, Jisc www.eduroam.ac.uk Twitter
> @eduroamuk – for news, information, pictures and fun
>
> When replying to this e-mail is it essential to preserve the
> (Ref:IN:xxxxxxxx) text in the subject line and to always use 'Reply All'
>




Archive powered by MHonArc 2.6.19.

Top of Page